Wellspring Worldwide

Compensation

Full Description

General Summary We are seeking a motivated Security Engineer to join our security and compliance team. This role is ideal for someone early in their career who has experience supporting ISO 27001 and SOC 2 initiatives, exposure to cloud and network security, and hands-on familiarity with identity and access management (IAM) and single sign-on (SSO) platforms. The Security Engineer will assist in maintaining secure systems, supporting audits, and collaborating with IT and engineering teams to strengthen our overall security posture. Key Responsibilities Assist in maintaining compliance with ISO 27001 and SOC 2 frameworks, including documentation, evidence gathering, and control implementation. Support cloud security operations (AWS, Azure, or GCP), focusing on identity management, configuration reviews, and security monitoring. Contribute to network security tasks such as firewall rule reviews, VPN configuration support, and log analysis. Help implement and maintain SSO integrations (SAML, OIDC) and multi-factor authentication across enterprise applications. Perform and document vulnerability scans, track remediation efforts, and assist in patch management processes. Collaborate with IT, DevOps, and Engineering teams to align technical controls with security policies. Participate in security incident response activities, including initial triage and escalation. Identify gaps between security processes and policies and assist with alignment. Contribute to training materials and ensure training compliance. Stay current on emerging security threats, tools, and compliance requirements. Qualifications 1–3 years of professional experience in IT security, systems administration, or a related technical field. Familiarity with ISO 27001 and SOC 2 compliance frameworks. Hands-on experience with cloud platforms (AWS, Azure, or GCP). Understanding of networking fundamentals (TCP/IP, firewalls, VPNs, IDS/IPS). Experience with IAM / SSO technologies (Okta, Azure AD, Entra ID, Ping, etc.). Basic knowledge of vulnerability management tools and security monitoring practices. Strong written and verbal communication skills; ability to document processes clearly. Nice to Have Exposure to additional compliance frameworks (FedRAMP, HIPAA, GDPR). Experience with scripting or automation (Python, PowerShell, Bash). Familiarity with SIEM platforms (Splunk, Sentinel, etc.). Security-related certifications (CompTIA Security+, CCSP, ISO 27001 Internal Auditor) a plus. Additional Requirements US Citizenship required and you must work in the United States to qualify for this role.